PSX5Central
Non Gaming Discussions => Off-Topic => Topic started by: ##RaCeR## on August 13, 2003, 03:50:52 AM
-
Does it cause an error "svchost has generated errors and will be closed by Windows" upon startup???
I'm running Win 2000. Scanning now...
-
Originally posted by Samwise in the Hardware/ software forum
LOL... it's God's way of punishing you. He thinks you're TEH GHEY!
:laughing:.
-
Yes. Hold on while I get the solution for ya.
-
It's in the same thread in hardware/software where I got that quote from sammy.
-
How the hell did I get it, that's what I want to know. I have Black Ice firewall and Norton Corporate Edition.
How the hell did it get past?
-
Try this to see if you have it for sure.
http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.html
Hope you stay on long enough. :)
-
Here's some patches for ya.
http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS03-026.asp
-
Don't know... did you visit any nasty sites?
-
This virus doesn't seem to cause what's happening on my machine though.
Is it different on XP vs 2000???
-
Microsoft Windows DCOM RPC Interface Buffer Overrun Vulnerability
Risk
High
Date Discovered
07-16-2003
Description
A buffer overrun vulnerability has been reported in Microsoft Windows that can be exploited remotely via a DCOM RPC interface that listens on TCP/UDP port 135. The issue is due to insufficient bounds checking of client DCOM object activation requests. Exploitation of this issue could result in execution of malicious instructions with Local System privileges on an affected system.
This issue may be exposed on other ports that the RPC Endpoint Mapper listens on, such as TCP ports 139, 135, 445 and 593. This has not been confirmed. Under some configurations the Endpoint Mapper may receive traffic via port 80.
Update
Enterprise Security Manager
Symantec has posted an Enterprise Security Manager™ Response Policy for this vulnerability. It is available here.
Norton Internet Security / Norton Internet Security Professional
Symantec has released an update for these products, via LiveUpdate, to detect this vulnerability. Users of these products should run LiveUpdate to ensure protection against this threat.
Symantec Client Firewall
Symantec has released an update for Symantec Client Firewall to detect attempts to exploit this vulnerability. Symantec Client Firewall users should run LiveUpdate to ensure protection against this threat.
Symantec Client Security
Symantec has released an update for Symantec Client Security to detect attempts to exploit this vulnerability. Symantec Client Security users should run LiveUpdate to ensure protection against this threat.
Symantec Gateway Security
Symantec has released an update for Symantec Gateway Security, via LiveUpdate, to detect this vulnerability. Symantec Gateway Security users should run LiveUpdate to ensure protection against this threat.
Symantec ManHunt 3.0
Symantec has released a Security Update for users of Symantec Manhunt 3.0. Click here for more information.
Symantec Vulnerability Assessment
Symantec Vulnerability Assessment detects and reports this vulnerability. Click here for further information.
Components Affected
Microsoft Windows 2000 Advanced Server SP4
Microsoft Windows 2000 Advanced Server SP3
Microsoft Windows 2000 Advanced Server SP2
Microsoft Windows 2000 Advanced Server SP1
Microsoft Windows 2000 Advanced Server
Microsoft Windows 2000 Datacenter Server SP4
Microsoft Windows 2000 Datacenter Server SP3
Microsoft Windows 2000 Datacenter Server SP2
Microsoft Windows 2000 Datacenter Server SP1
Microsoft Windows 2000 Datacenter Server
Microsoft Windows 2000 Professional SP4
Microsoft Windows 2000 Professional SP3
Microsoft Windows 2000 Professional SP2
Microsoft Windows 2000 Professional SP1
Microsoft Windows 2000 Professional
Microsoft Windows 2000 Server SP4
Microsoft Windows 2000 Server SP3
Microsoft Windows 2000 Server SP2
Microsoft Windows 2000 Server SP1
Microsoft Windows 2000 Server
Microsoft Windows NT Enterprise Server 4.0 SP6a
Microsoft Windows NT Enterprise Server 4.0 SP6
Microsoft Windows NT Enterprise Server 4.0 SP5
Microsoft Windows NT Enterprise Server 4.0 SP4
Microsoft Windows NT Enterprise Server 4.0 SP3
Microsoft Windows NT Enterprise Server 4.0 SP2
Microsoft Windows NT Enterprise Server 4.0 SP1
Microsoft Windows NT Enterprise Server 4.0
Microsoft Windows NT Server 4.0 SP6a
Microsoft Windows NT Server 4.0 SP6
Microsoft Windows NT Server 4.0 SP5
Microsoft Windows NT Server 4.0 SP4
Microsoft Windows NT Server 4.0 SP3
Microsoft Windows NT Server 4.0 SP2
Microsoft Windows NT Server 4.0 SP1
Microsoft Windows NT Server 4.0
Microsoft Windows NT Terminal Server 4.0 SP6a
Microsoft Windows NT Terminal Server 4.0 SP6
Microsoft Windows NT Terminal Server 4.0 SP5
Microsoft Windows NT Terminal Server 4.0 SP4
Microsoft Windows NT Terminal Server 4.0 SP3
Microsoft Windows NT Terminal Server 4.0 SP2
Microsoft Windows NT Terminal Server 4.0 SP1
Microsoft Windows NT Terminal Server 4.0
Microsoft Windows NT Workstation 4.0 SP6a
Microsoft Windows NT Workstation 4.0 SP6
Microsoft Windows NT Workstation 4.0 SP5
Microsoft Windows NT Workstation 4.0 SP4
Microsoft Windows NT Workstation 4.0 SP3
Microsoft Windows NT Workstation 4.0 SP2
Microsoft Windows NT Workstation 4.0 SP1
Microsoft Windows NT Workstation 4.0
Microsoft Windows Server 2003 Datacenter Edition
Microsoft Windows Server 2003 Datacenter Edition 64-bit
Microsoft Windows Server 2003 Enterprise Edition
Microsoft Windows Server 2003 Enterprise Edition 64-bit
Microsoft Windows Server 2003 Standard Edition
Microsoft Windows Server 2003 Web Edition
Microsoft Windows XP 64-bit Edition SP1
Microsoft Windows XP 64-bit Edition
Microsoft Windows XP Home SP1
Microsoft Windows XP Home
Microsoft Windows XP Professional SP1
Microsoft Windows XP Professional
Recommendations
Block external access at the network boundary, unless service is required by external parties.
Hosts that can send malicious traffic to TCP port 135 can exploit this issue. External access to this port should be filtered at network perimeters. Permit access for trusted or internal hosts and networks only.
Implement multiple redundant layers of security.
Multiple layers of network access control and intrusion detection should be deployed to limit exposure to potentially vulnerable systems and monitor network traffic for malicious or anomalous activity.
Microsoft has released patches to address this issue:
Microsoft Windows 2000 Advanced Server SP4:
Microsoft Patch Windows2000-KB823980-x86-ENU.exe
http://microsoft.com/downloads/details.aspx?FamilyId=C8B8A846-F541-4C15-8C9F-220354449117&displaylang=en
Microsoft Windows 2000 Advanced Server SP3:
Microsoft Patch Windows2000-KB823980-x86-ENU.exe
http://microsoft.com/downloads/details.aspx?FamilyId=C8B8A846-F541-4C15-8C9F-220354449117&displaylang=en
Microsoft Windows 2000 Advanced Server SP2:
Microsoft Windows 2000 Datacenter Server SP4:
Microsoft Windows 2000 Datacenter Server SP3:
Microsoft Windows 2000 Datacenter Server SP2:
Microsoft Windows 2000 Professional SP4:
Microsoft Patch Windows2000-KB823980-x86-ENU.exe
http://microsoft.com/downloads/details.aspx?FamilyId=C8B8A846-F541-4C15-8C9F-220354449117&displaylang=en
Microsoft Windows 2000 Professional SP3:
Microsoft Patch Windows2000-KB823980-x86-ENU.exe
http://microsoft.com/downloads/details.aspx?FamilyId=C8B8A846-F541-4C15-8C9F-220354449117&displaylang=en
Microsoft Windows 2000 Professional SP2:
Microsoft Windows 2000 Server SP4:
Microsoft Patch Windows2000-KB823980-x86-ENU.exe
http://microsoft.com/downloads/details.aspx?FamilyId=C8B8A846-F541-4C15-8C9F-220354449117&displaylang=en
Microsoft Windows 2000 Server SP3:
Microsoft Patch Windows2000-KB823980-x86-ENU.exe
http://microsoft.com/downloads/details.aspx?FamilyId=C8B8A846-F541-4C15-8C9F-220354449117&displaylang=en
Microsoft Windows 2000 Server SP2:
Microsoft Windows NT Enterprise Server 4.0 SP6a:
Microsoft Patch Q823980i.EXE
http://microsoft.com/downloads/details.aspx?FamilyId=2CC66F4E-217E-4FA7-BDBF-DF77A0B9303F&displaylang=en
Microsoft Windows NT Server 4.0 SP6a:
Microsoft Patch Q823980i.EXE
http://microsoft.com/downloads/details.aspx?FamilyId=2CC66F4E-217E-4FA7-BDBF-DF77A0B9303F&displaylang=en
Microsoft Windows NT Terminal Server 4.0 SP6a:
Microsoft Patch Q823980i.EXE
http://microsoft.com/downloads/details.aspx?FamilyId=6C0F0160-64FA-424C-A3C1-C9FAD2DC65CA&displaylang=en
Microsoft Windows NT Workstation 4.0 SP6a:
Microsoft Patch Q823980i.EXE
http://microsoft.com/downloads/details.aspx?FamilyId=2CC66F4E-217E-4FA7-BDBF-DF77A0B9303F&displaylang=en
Microsoft Windows Server 2003 Datacenter Edition :
Microsoft Windows Server 2003 Datacenter Edition 64-bit :
Microsoft Windows Server 2003 Enterprise Edition :
Microsoft Patch WindowsServer2003-KB823980-x86-ENU.exe
http://microsoft.com/downloads/details.aspx?FamilyId=F8E0FF3A-9F4C-4061-9009-3A212458E92E&displaylang=en
Microsoft Windows Server 2003 Enterprise Edition 64-bit :
Microsoft Patch WindowsServer2003-KB823980-ia64-ENU.exe
http://microsoft.com/downloads/details.aspx?FamilyId=2B566973-C3F0-4EC1-995F-017E35692BC7&displaylang=en
Microsoft Windows Server 2003 Standard Edition :
Microsoft Patch WindowsServer2003-KB823980-x86-ENU.exe
http://microsoft.com/downloads/details.aspx?FamilyId=F8E0FF3A-9F4C-4061-9009-3A212458E92E&displaylang=en
Microsoft Windows Server 2003 Web Edition :
Microsoft Patch WindowsServer2003-KB823980-x86-ENU.exe
http://microsoft.com/downloads/details.aspx?FamilyId=F8E0FF3A-9F4C-4061-9009-3A212458E92E&displaylang=en
Microsoft Windows XP 64-bit Edition SP1:
Microsoft Patch WindowsXP-KB823980-ia64-ENU.exe
http://microsoft.com/downloads/details.aspx?FamilyId=1B00F5DF-4A85-488F-80E3-C347ADCC4DF1&displaylang=en
Microsoft Windows XP 64-bit Edition :
Microsoft Windows XP Home SP1:
Microsoft Patch WindowsXP-KB823980-x86-ENU.exe
http://microsoft.com/downloads/details.aspx?FamilyId=2354406C-C5B6-44AC-9532-3DE40F69C074&displaylang=en
Microsoft Windows XP Home :
Microsoft Windows XP Professional SP1:
Microsoft Patch WindowsXP-KB823980-x86-ENU.exe
http://microsoft.com/downloads/details.aspx?FamilyId=2354406C-C5B6-44AC-9532-3DE40F69C074&displaylang=en
Microsoft Windows XP Professional :
References
Source: Microsoft Security Bulletin MS03-026
URL: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-026.asp
-
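Added example, not part of the original thread or of the Symantec advisory quoted above: the advisory recommends filtering external access to TCP port 135 and names 139, 445 and 593 as possibly exposed, and this Python script audits a first-match perimeter rule list for exactly those ports. The rule format, the sample rules and the function names are constructed for illustration; an implicit deny is assumed when no rule matches.

```python
import ipaddress

# TCP ports the advisory names for the RPC Endpoint Mapper.
ADVISORY_TCP_PORTS = (135, 139, 445, 593)

# Sources treated as internal/trusted (assumption: RFC 1918 ranges).
INTERNAL = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample rule set in a hypothetical format:
#   action  source-CIDR  destination-port[-port]
# Rules are evaluated top-down and the first match wins.
SAMPLE_RULES = """
permit 10.0.0.0/8   135-139   # internal RPC/NetBIOS
permit 0.0.0.0/0    80        # public web server
permit 0.0.0.0/0    443-445   # range one port too wide
deny   0.0.0.0/0    135       # the advisory's recommendation
permit 0.0.0.0/0    500-600   # broad range that happens to include 593
deny   0.0.0.0/0    1-65535
"""


def parse_rules(text):
    """Parse rule lines into (action, source_network, low_port, high_port)."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        action, src, ports = line.split()
        if action not in ("permit", "deny"):
            raise ValueError("unknown action: " + action)
        low, _, high = ports.partition("-")
        rules.append((action, ipaddress.ip_network(src), int(low), int(high or low)))
    return rules


def exposing_rule(rules, port):
    """Return the first permit rule that lets a non-internal source reach
    `port`, or None. Conservative: a permit counts as shadowed only when one
    earlier deny covers its whole source range."""
    denied = []
    for rule in rules:
        action, src, low, high = rule
        if not low <= port <= high:
            continue
        if any(src.subnet_of(d) for d in denied):
            continue
        if action == "deny":
            denied.append(src)
        elif not any(src.subnet_of(net) for net in INTERNAL):
            return rule
    return None  # implicit deny when nothing permits the port


def audit(rules_text, ports=ADVISORY_TCP_PORTS):
    """Map each advisory port to the rule exposing it (None = filtered)."""
    rules = parse_rules(rules_text)
    return {port: exposing_rule(rules, port) for port in ports}


if __name__ == "__main__":
    for port, rule in audit(SAMPLE_RULES).items():
        if rule is None:
            print("tcp/%d: filtered from external sources" % port)
        else:
            print("tcp/%d: EXPOSED by '%s %s %d-%d'" % ((port,) + rule))
```

In the sample, 135 and 139 come back filtered while 445 and 593 are still reachable through over-broad port ranges, which is the kind of gap a single "deny 135" line leaves behind.
-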
the flaw will do different things to a 2000 machine than an XP machine
-
What the hell does that all mean though??? I'm not a techno geek, I have no idea about TCP 40 proxy whateva DCM...
-
ewww..... I thought I had a bloody worm once. It was only diarrhea.
Seriously, tho...
-
you have two solutions
1. keep windows updated, the patch for this flaw was released back in july.
2. run linux
-
but how did i get it (if it is indeed the worm, still scanning...) if I have both firewall and anti virus software?
-
here's a hint
GO READ
you might learn something
*hint [sp]tftp[/sp]
-
Look, I don't understand ok, I am just asking for some help. Everyone has to learn at some stage so if you're too stuck up to help then stuff you.
I'm not stupid because I don't know all these things, I have just never been taught.
-
well....stop making excuses and do something about it
the flaw uses a commonly open port that really isn't used for viri
it's not even correct to call this a virus, it's an exploitation of a windows flaw...hence why that shitty firewall you use didn't catch it
get a real firewall like zonealarm
-
My fiance got that tftp thing last week. I took a simple approach to fixing it.
Format C:
:D
New firewall (Netgear's FVS318), reloaded XP, downloaded patch.
It works fine. That is until they find another hole (which is a question of when - coz they will).
-
OK, the virus scan is over and it says no virus.
off to the event log to see what the hell is going on..
-
OMFG!! you formatted?
-
Originally posted by mm
OMFG!! you formatted?
yeah ...That’s like nuke’n a whole city just because one condo had roaches
:eek:.
-
formatting is way overreacting... it was simple to get it off of my machine.
Scanning for viruses won't find it because it's not a virus, it's a worm.
THIS REMOVES THE BLASTER WORM
http://securityresponse.symantec.com/avcenter/FixBlast.exe
-
This is bloody ridiculous. I download the fixblast thing, it searches my system and then tells me I don't have the worm. It redirected me to the patch, which I have now downloaded.
Well if I don't have it then what the hell do I have?
-
I had this happen to me 2 days ago at work on my dial up laptop. The RPC Service kept terminating... after about 5 minutes of searching the internet, I had the patch and haven't had any problems since. In hindsight I should have patched back in July. They don't put those security warnings out there for nothing.
-
well, i've rebooted and i haven't had the problem since, i just find it strange that the fix blast program didn't detect it.
-
Just format it.
That's a sure fire way.
:laughing:
Seriously guys, get Windows updated and it stops ninety percent of these problems.
-
...and turning off ports you don't use
-
Originally posted by mm
OMFG!! you formatted?
Yeah. Her PC has never had a firewall for over a year. She said that funny stuff would happen to her computer...like her internet surfing would bog down to a crawl even though she's on cable. Sometimes a window would close even though she just opened it.
Heh....I think she got hacked. So even if I got a firewall now, the trojan file could still open up a port.
Anyway, she just uses the computer for Sims and reading email.
No biggie.
-
Never occurred to you to just run an anti-virus and spyware killer?
That would have fixed those problems, most likely.
-
So many new ones to check for. Start fresh, no more naggin questions like "ARE YOU SURE MY PC IS SAFE? HUH? WHAT IF THERE'S A NEW ONE THAT CHANGES NAMES LIKE IN THE MOVIES???"
Format C: and be done with it, I said.
-
I downloaded the patch today just to be safe, never had any problems though.
-
I've spent the past 3 days deleting that worm from people's computers. Worm=Bad for noobs, good for me $$$
-
I disagree on the Zone Alarm suggestion. It is software, and thus can never go up to a hardware firewall standard. Most simple little dsl or cable routers kept most safe. The only calls I have had to go on was either dial-up, or DSL-Cable hooked up directly to the p.c.
-
you think a hardware firewall has a little gnome inside the box magically checking each packet?
:rolleyes:
-
Originally posted by mm
you think a hardware firewall has a little gnome inside the box magically checking each packet?
It doesn't?!?
-
Originally posted by mm
you think a hardware firewall has a little gnome inside the box magically checking each packet?
:rolleyes:
My PC is safe. :) Thanks to my Netgear Prosafe VPN FVS318 (with an added Lysol ;) mod)
-
I've got a problem on my laptop at home... I will be on the internet for about 10 minutes, then a search page will open that has no toolbar, when I hit ctrl-W a little window pops up that says "just search and go!" with an OK button that won't stop coming back. I have to use the task manager to close it. Really sucks! Will zone alarm take care of that, mm? My co-worker has it and says it's great, but he has to ask me to change his screensaver, so I don't think he's very savvy...
-
Originally posted by mm
you think a hardware firewall has a little gnome inside the box magically checking each packet?
:rolleyes:
Beware of the underpants gnome....
Could someone do some research and find the most recent post from mm where he wasn't telling someone they are an idiot? I know it's been awhile. But it's certainly made things interesting. :whip:
-
is it just me or does this virus remind you of [sp]the virus in Terminator 3...[/sp]
-
yeah, i miss insulting people
i find myself being too soft anymore
it's clyde's fault
-
errr what?!?!
-
Umm Number one problem I can see in this thread is the amount of people who use Norton Antivirus....... PLEASE!!! If you want a good virus scanner go out and get pccillin from trend http://www.trend.com plus you can download a respectable mblast cleaner on their site that can run from a disk in dos. This worm causes no real damage so for god sake don't fdisk and reinstall that's just stupid.
-
Word @ Cyrus. I use that software as well and it's teh shiznitz. Or something.
-
I'm not a computer nerd so I don't understand wtf is going on. But I get a message telling me I have to shutdown in less than one minute when I boot up, is this the virus?
-
^^
Sounds like it. It apparently does different things on different versions of the operating system.
-
that's the worm, quick fix is delete msblast. You can also type in shutdown -a in your command prompt, to override the shutdown and then download blaster fix from the symantec web site.
-
Thanks, I can download porn now :)
-
For all that are suffering the wrath of worm_msblast.a here is a link to a really good site that will help you get rid of it http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MSBLAST.A
Hope that helps!
CyRus
Plus about the firewall if you have xp it's built in just gotta turn it on.
-
Originally posted by mm
you think a hardware firewall has a little gnome inside the box magically checking each packet?
:rolleyes:
:rolleyes: Port 135 has no real reason to enter the network. Thus no magic GNOMES needed. Though it may all be magical to you.:D
-
Originally posted by Cyrus
Umm Number one problem I can see in this thread is the amount of people who use Norton Antivirus....... PLEASE!!! If you want a good virus scanner go out and get pccillin from trend http://www.trend.com plus you can download a respectable mblast cleaner on their site that can run from a disk in dos. This worm causes no real damage so for god sake don't fdisk and reinstall that's just stupid.
Norton isn't bad - I use it at home and haven't had a problem and when the worm infected my laptop I used the symantec cleaner to get rid of it. FYI I use AVG on my laptop because it doesn't use many system resources.
I think most people who got this didn't have an up to date virus definition and secondly, the number one problem is the amount of people who didn't patch back in July when MS issued the announcement of the flaw.
-
....Two "magical words" guys...
WINDOWS UPDATE
Ohhh...Pretty ...fixes these problems...Oh wait is Windows Update reserved for "nerds"?
:")
-
there's over 65,000 ports on your computer
take a pick
:rolleyes:
-
I have no firewall, lotsa ports opened on my router, and no virus protection on my main machine and I didn't get the virus. I just installed the patch weeks ago. I heard tomorrow is supposed to be the day when the virus is going to launch an attack on MS's help site. :eek:
-
Originally posted by mm
there\'s over 65,000 ports on your computer
take a pick
:rolleyes:
Most are listed for certain applications. It is not rocket science. Ports such as the messenger service have no use coming in. Hell port 80 should not be unless a connection is established. Unless of course you run a web server.
MM I realize you say you work with computers, but it appears the only work you do with them is post on boards non stop attempting to degrade individuals.
-
i didn't degrade anyone, it's like you hear something about computers on the news, and you regurgitate it here
most ports are NOT listed for certain apps. below port 1024 is for common apps. if messenger service has no use coming in, how will you get a message?
-
MM are you even aware of what messenger service 135 is?
If memory serves me right. It is the same port used in net send messages. Or at least an initiator.
I also hate to break it to you, but it is not regurgitation off of the media. I am current in the IT field. I can list the initials behind my name if you wish. I almost guarantee it is a longer list than yours.
EDIT: MM don't take it personal. I am not, and doubt I ever will be a fan of software firewalls. Especially when you can pick up something like a cisco pix 501 for a couple hundred bucks. This part I am about to regurgitate from what I have read. I believe norton internet security had problems with this worm. The simple fact of the matter is that the operating system still controls the software.
EDIT again: Here is a quick list of tcp-ip ports used. You will notice a tremendous amount above port 1024. 1024 may have been the limit 2-3 years ago??
http://www.iana.org/assignments/port-numbers
-
Good ol Win98:p
-
God Dammit, there are ZERO pics of Ogre on the internet.
-
If the guy who coded the worm wanted it to attack MS Update at a certain date, wouldn't it be wiser if it didn't make itself visible with the whole "60 secs to restart" deal? People will know something's up and (try and) get rid of it... not the way I would have designed it personally. :)
-
Samwise I believe there is a new variant out there that does just that.
-
Too bad man I haven't ever gotten a virus YET. But I received an insta kiss thing and I put in my password to see who it was from next thing I know I look in sent mail and like over 100 of those insta kisses are sent out.